[Git][security-tracker-team/security-tracker][master] 7 commits: Triage CVE-2022-27811 in ocrfeeder for stretch LTS.

Chris Lamb (@lamby) lamby at debian.org
Wed Jun 22 08:06:21 BST 2022



Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker


Commits:
94c1c5f2 by Chris Lamb at 2022-06-22T07:57:52+01:00
Triage CVE-2022-27811 in ocrfeeder for stretch LTS.

- - - - -
0bef15d4 by Chris Lamb at 2022-06-22T07:58:24+01:00
Triage CVE-2021-46823 in python-ldap for stretch LTS.

- - - - -
6cd67bf7 by Chris Lamb at 2022-06-22T07:59:20+01:00
Triage CVE-2016-10006, CVE-2017-14735, CVE-2021-35043, CVE-2022-28366 & CVE-2022-28367 in libowasp-antisamy-java for stretch LTS.

- - - - -
122df281 by Chris Lamb at 2022-06-22T08:00:11+01:00
Triage CVE-2022-32545, CVE-2022-32546 & CVE-2022-32547 in imagemagick for stretch LTS.

- - - - -
855f0c29 by Chris Lamb at 2022-06-22T08:00:37+01:00
Triage CVE-2022-2085 in ghostscript for stretch LTS.

- - - - -
6f507541 by Chris Lamb at 2022-06-22T08:04:24+01:00
data/dla-needed.txt: Triage ompl for stretch LTS (CVE-2021-41490)

- - - - -
a7225c3f by Chris Lamb at 2022-06-22T08:05:49+01:00
data/dla-needed.txt: Claim exo.

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -550,6 +550,7 @@ CVE-2021-46823 (python-ldap before 3.4.0 is vulnerable to a denial of service wh
 	- python-ldap 3.4.0-1
 	[bullseye] - python-ldap <no-dsa> (Minor issue)
 	[buster] - python-ldap <no-dsa> (Minor issue)
+	[stretch] - python-ldap <no-dsa> (Minor issue)
 	NOTE: https://github.com/python-ldap/python-ldap/security/advisories/GHSA-r8wq-qrxc-hmcm
 CVE-2021-46822 (The PPM reader in libjpeg-turbo through 2.0.90 mishandles use of tjLoa ...)
 	- libjpeg-turbo 1:2.1.1-1
@@ -2068,6 +2069,7 @@ CVE-2022-2085 (A NULL pointer dereference vulnerability was found in Ghostscript
 	- ghostscript 9.56.0~dfsg-1
 	[bullseye] - ghostscript <no-dsa> (Minor issue)
 	[buster] - ghostscript <no-dsa> (Minor issue)
+	[stretch] - ghostscript <no-dsa> (Minor issue)
 	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=704945
 	NOTE: Fixed by: https://git.ghostscript.com/?p=ghostpdl.git;h=ae1061d948d88667bdf51d47d918c4684d0f67df (ghostpdl-9.56.0rc1)
 CVE-2022-2084
@@ -3819,6 +3821,7 @@ CVE-2022-32547 (In ImageMagick, there is load of misaligned address for type 'do
 	- imagemagick <unfixed>
 	[bullseye] - imagemagick <ignored> (Minor issue)
 	[buster] - imagemagick <ignored> (Minor issue)
+	[stretch] - imagemagick <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2091813
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/5033
 	NOTE: https://github.com/ImageMagick/ImageMagick/pull/5034
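Review bot: The new `[stretch]` line in this hunk uses `<no-dsa>` while the `[bullseye]` and `[buster]` lines directly above it use `<ignored>` with the same `(Minor issue)` rationale; the two tags mean different things in the tracker (no-dsa leaves the door open to a later LTS fix, ignored does not), so if the weaker state is intended for stretch a short reason in the parentheses would make that deliberate, otherwise `<ignored>` would keep the three suites consistent. The same applies to the CVE-2022-32546 and CVE-2022-32545 hunks that follow.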
@@ -3828,6 +3831,7 @@ CVE-2022-32546 (A vulnerability was found in ImageMagick, causing an outside the
 	- imagemagick <unfixed>
 	[bullseye] - imagemagick <ignored> (Minor issue)
 	[buster] - imagemagick <ignored> (Minor issue)
+	[stretch] - imagemagick <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2091812
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/4985
 	NOTE: https://github.com/ImageMagick/ImageMagick/pull/4986
@@ -3837,6 +3841,7 @@ CVE-2022-32545 (A vulnerability was found in ImageMagick, causing an outside the
 	- imagemagick <unfixed>
 	[bullseye] - imagemagick <ignored> (Minor issue)
 	[buster] - imagemagick <ignored> (Minor issue)
+	[stretch] - imagemagick <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2091811
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/4962
 	NOTE: https://github.com/ImageMagick/ImageMagick/pull/4963
@@ -15690,6 +15695,7 @@ CVE-2022-28367 (OWASP AntiSamy before 1.6.6 allows XSS via HTML tag smuggling on
 	- libowasp-antisamy-java <unfixed> (bug #1010154)
 	[bullseye] - libowasp-antisamy-java <no-dsa> (Minor issue)
 	[buster] - libowasp-antisamy-java <no-dsa> (Minor issue)
+	[stretch] - libowasp-antisamy-java <no-dsa> (Minor issue)
 	NOTE: https://github.com/nahsra/antisamy/commit/0199e7e194dba5e7d7197703f43ebe22401e61ae (v1.6.6)
 	NOTE: Make sure to fix the issue completely and include the commit otherwise opening CVE-2022-29577
 	NOTE: https://github.com/nahsra/antisamy/commit/32e273507da0e964b58c50fd8a4c94c9d9363af0 (v1.6.7)
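Review bot: The existing NOTE in this hunk warns that fixing CVE-2022-28367 without the v1.6.7 follow-up commit reopens it as CVE-2022-29577; since the new `[stretch]` line is `<no-dsa>` rather than `<ignored>`, a later stretch update remains possible and should be expected to carry both the 0199e7e (v1.6.6) and 32e2735 (v1.6.7) commits, so a matching `[stretch]` triage line on the CVE-2022-29577 entry would keep the two entries in step.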
@@ -15697,6 +15703,7 @@ CVE-2022-28366 (Certain Neko-related HTML parsers allow a denial of service via
 	- libowasp-antisamy-java <unfixed> (bug #1010154)
 	[bullseye] - libowasp-antisamy-java <no-dsa> (Minor issue)
 	[buster] - libowasp-antisamy-java <no-dsa> (Minor issue)
+	[stretch] - libowasp-antisamy-java <no-dsa> (Minor issue)
 	NOTE: https://github.com/nahsra/antisamy/releases/tag/v1.6.6
 	NOTE: https://github.com/nahsra/antisamy/issues/174
 CVE-2022-28365 (Reprise License Manager 14.2 is affected by an Information Disclosure  ...)
@@ -17600,6 +17607,7 @@ CVE-2022-27811 (GNOME OCRFeeder before 0.8.4 allows OS command injection via she
 	- ocrfeeder <unfixed> (bug #1008320)
 	[bullseye] - ocrfeeder <no-dsa> (Minor issue)
 	[buster] - ocrfeeder <no-dsa> (Minor issue)
+	[stretch] - ocrfeeder <no-dsa> (Minor issue)
 	NOTE: https://gitlab.gnome.org/GNOME/ocrfeeder/-/merge_requests/13
 	NOTE: https://gitlab.gnome.org/GNOME/ocrfeeder/-/commit/9209bce8afaf6fde19cdac7f5eaea1b744c3e79e (0.8.5)
 	NOTE: https://gitlab.gnome.org/GNOME/ocrfeeder/-/commit/afea0e722f1d14eaf14bf0e5ebb444d3271ff1ef (0.8.5)
@@ -68654,6 +68662,7 @@ CVE-2021-35043 (OWASP AntiSamy before 1.6.4 allows XSS via HTML attributes when
 	- libowasp-antisamy-java <unfixed>
 	[bullseye] - libowasp-antisamy-java <no-dsa> (Minor issue)
 	[buster] - libowasp-antisamy-java <no-dsa> (Minor issue)
+	[stretch] - libowasp-antisamy-java <no-dsa> (Minor issue)
 	NOTE: https://github.com/nahsra/antisamy/pull/87
 CVE-2021-35042 (Django 3.1.x before 3.1.13 and 3.2.x before 3.2.5 allows QuerySet.orde ...)
 	- python-django <not-affected> (Vulnerable code introduced in 3.1)
@@ -308142,6 +308151,7 @@ CVE-2017-14735 (OWASP AntiSamy before 1.5.7 allows XSS via HTML5 entities, as de
 	- libowasp-antisamy-java <unfixed>
 	[bullseye] - libowasp-antisamy-java <no-dsa> (Minor issue)
 	[buster] - libowasp-antisamy-java <no-dsa> (Minor issue)
+	[stretch] - libowasp-antisamy-java <no-dsa> (Minor issue)
 	NOTE: https://github.com/nahsra/antisamy/issues/10
 CVE-2017-14734 (The build_msps function in libbpg.c in libbpg 0.9.7 allows remote atta ...)
 	NOT-FOR-US: libbpg
@@ -341889,6 +341899,7 @@ CVE-2016-10006 (In OWASP AntiSamy before 1.5.5, by submitting a specially crafte
 	- libowasp-antisamy-java <unfixed>
 	[bullseye] - libowasp-antisamy-java <no-dsa> (Minor issue)
 	[buster] - libowasp-antisamy-java <no-dsa> (Minor issue)
+	[stretch] - libowasp-antisamy-java <no-dsa> (Minor issue)
 	NOTE: https://github.com/nahsra/antisamy/issues/2
 CVE-2016-10005 (Webdynpro in SAP Solman 7.1 through 7.31 allows remote attackers to ob ...)
 	NOT-FOR-US: SAP


=====================================
data/dla-needed.txt
=====================================
@@ -57,7 +57,7 @@ exempi
   NOTE: 20220517: A lot of packages reverse depends on libexmpi8. Further analysis
   NOTE: 20220517: is needed.
 --
-exo
+exo (Chris Lamb)
   NOTE: 20220621: Programming language: C/GLib
 --
 firejail (Sylvain Beucler)
@@ -204,6 +204,8 @@ nvidia-graphics-drivers
   NOTE: 20220209: monitor nvidia-graphics-drivers-legacy-390xx for a potential
   NOTE: 20220209: backport (apo)
 --
+ompl
+--
 openscad
   NOTE: 20220529: Programming language: C++.
   NOTE: 20220524: Follow buster: harmonize with with Debian 10.12 (1 CVE) (Beuc/front-desk)
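Review bot: The new `ompl` entry carries no NOTE line, unlike the neighbouring entries that record the programming language or the number of open CVEs; the commit message cites CVE-2021-41490, so a dated NOTE naming that CVE would let the next reader of dla-needed.txt see why the package was added without going back to the git log.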



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/6073828a5fe34d3a8c1acb253945dc3927d98332...a7225c3f034d8ee0d4c69eaea0cabd609b42414c
